DoS na 80ku

[Dan Lukes]

Pentium wrote:

> K tem hodnotam sys spise doporucit jake hodnoty

	To je to, co jsem se ti pokusil vysvetlit, ze v zasade nejde. Jednak
proto, ze uvedene hodnoty nemaji prakticky zadny vliv na tvuj problem,
jednak, i kdyby mely, hybani s podobnymi vecmi je treba delat s ohledem
na naprosto konkretni lokalni podminky -  nejcasteji metodou pokus, omyl ...

> a české vysvetleni 

	No, prelozit ti to muzu.

 +++++++++++++++++

>>net.inet.tcp.msl
This is the maximum amount of time to wait for an ACK in reply to a
SYN-ACK or FIN-ACK, in milliseconds. If the computer does not receive an
ACK in this time, it considers the segment lost and frees the network
connection.

Nejdelsi cas (v milisekundach) po ktery se ceka na ACK potvrzujici
SYN-ACK nebo FIN-ACK. V pripade, ze pocitac toto potvrzni nedostane
nejpozdeji za udany cas, uzavre TCP spojeni.
>>net.inet.tcp.blackhole
>>net.inet.udp.blackhole
defines what happens when the system receives a TCP packet on a closed
port. When set to 1, SYN packets arriving on a closed port will be
dropped without a RST packet being sent back. When set to 2, all packets
arriving on a closed port are dropped without an RST being sent back.

	Definuje, co se stane, pokud dorazi TCP paket destinovany na neotevreny
port. U TCP nastaveno na [1] znamena, ze paket bude zahozen a v opacnem
smeru bude odeslan RST paket. [2] znamena, ze paket bude zahozen tise. U
UDP, ktere nema institut RST paketu znamena [1], ze paket bude zahozen tise.

>>net.inet.icmp.icmplim
This controls the maximum number of ICMP "Unreachables" and also TCP RST
packets to return every second.

Urcuje maximalni pocet ICMP unreachables a TCP RST paketu generovanych
za sekundu.

 ++++++++++++++++++++++

	Uz je zrejmejsi na co to je ?

					Dan


-- 
Dan Lukes,  SISAL, MFF UK  tel: +420 2 21914205, fax: +420 2 21914206
AKA: dan at obluda.cz, dan at freebsd.cz, dan at kolej.mff.cuni.cz, dan at fio.cz